Topic: nat hairpin/loopback/reflection (Read 7784 times)

bbain · « **on:** May 06, 2016, 05:26:27 AM »

I have seen several references here to this, and 1 post that actually attempts to give some config examples, but no definitive answers.

I commissioned a dfl-260e yesterday, everything went well except for smartphone access to exchange from the internal lan. Because of some quirks in the configuration that I inherited from a previous tech, the phones are all set up with the public IP (wanIP) as the server address to access the mail server. This works fantastic outside the lan, but needs the nat loopback inside the lan.

I followed this http://forums.dlink.com/index.php?topic=7444.0 but something is missing as it does not work.

Thanks for any help you can provide.

FurryNutz · « **Reply #1 on:** May 06, 2016, 07:00:28 AM »

Link>Welcome!

What Hardware version is your DFL? Look at sticker under the DFL case.
Link>What Firmware version is currently loaded? Found on the DFLs web page under status.
What region are you located?

bbain · « **Reply #2 on:** May 06, 2016, 07:25:34 AM »

HW rev is A I do believe (it is at a remote location and I can't put my eyes on it at the moment)

FW 10.21.02.01

I am in North America.

Rara Avis · « **Reply #3 on:** May 07, 2016, 09:46:15 AM »

With the new UI, you can skip the whole 2 rules confusing process and just add one policy and hairpinning will "just work". If you survived the IP rule procedure it should be straight forward, just disable your old rules and a policy instead.

In case anyone needs to know the old process, the problem with hairpinning is that you either have to NAT the source address (and probably only want to do that for internally sourced traffic if any) or you will violate the IP Access rules. This means you usually use three IP rules or play around with access rules.

bbain · « **Reply #4 on:** May 12, 2016, 11:48:32 AM »

What is the source you have in there? Wan_lan? I don't see that. Is it a group of some sort? I tried using the WanIp and the LanIP and neither worked.

I have the phones working internally now using split horizon DNS but that breaks something else (but that issue is minor, I can live with it temporarily)

FurryNutz · « **Reply #5 on:** June 01, 2016, 07:01:57 AM »

Any status on this?

bbain · « **Reply #6 on:** October 20, 2016, 10:01:21 AM »

Quote from: FurryNutz on June 01, 2016, 07:01:57 AM

Any status on this?

I gave up on the nat hairpin/loopback/reflection as it was taking too much time to sort out.

I went with split horizon DNS and fixed the minor problem it caused and things have been humming along without a problem for a couple months.

FurryNutz · « **Reply #7 on:** October 20, 2016, 10:07:18 AM »

Thanks for letting us know.

D-Link Forums

News:

Author Topic: nat hairpin/loopback/reflection (Read 7784 times)

bbain

nat hairpin/loopback/reflection

FurryNutz

Re: nat hairpin/loopback/reflection

bbain

Re: nat hairpin/loopback/reflection

Rara Avis

Re: nat hairpin/loopback/reflection

bbain

Re: nat hairpin/loopback/reflection

FurryNutz

Re: nat hairpin/loopback/reflection

bbain

Re: nat hairpin/loopback/reflection

FurryNutz

Re: nat hairpin/loopback/reflection